Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a secret unencrypted in its global configuration file org.jenkinsci.plugins.ParameterizedRemoteTrigger.RemoteBuildConfiguration.xml
on the Jenkins controller as part of its configuration. This secret can be viewed by attackers with access to the Jenkins controller file system.
Parameterized Remote Trigger Plugin 3.1.4 stores the secret encrypted once its configuration is saved again.
www.openwall.com/lists/oss-security/2020/09/01/3
github.com/jenkinsci/parameterized-remote-trigger-plugin
github.com/jenkinsci/parameterized-remote-trigger-plugin/commit/2902ef5ea6eb077f43fd25c880e4920faea4e828
jenkins.io/security/advisory/2020-09-01/#SECURITY-1625
nvd.nist.gov/vuln/detail/CVE-2020-2239